Marks & Spencer, a British retail chain, revealed on Tuesday that some of its customers' personal data had been stolen in a cyberattack. The incident was sophisticated and led to the suspension of online sales and contactless payments. The company emphasized that no payment details or passwords were compromised. Affected customers were notified, but the exact number was not disclosed. The company assured customers that no further action was necessary beyond resetting passwords. There is no indication that the stolen data has been shared. M&S reported the incident to relevant authorities and law enforcement and continues to collaborate with them.
TPRM report: https://scoringcyber.rankiteo.com/company/marks-and-spencer
"id": "mar528051425",
"linkid": "marks-and-spencer",
"type": "Cyber Attack",
"date": "5/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Retail',
                        'location': 'Britain',
                        'name': 'Marks & Spencer',
                        'type': 'Retail Chain'}],
 'attack_vector': 'Cyberattack',
 'customer_advisories': 'Reset passwords',
 'data_breach': {'type_of_data_compromised': 'Personal Data'},
 'date_publicly_disclosed': 'Tuesday',
 'description': 'Marks & Spencer, a British retail chain, revealed on Tuesday '
                "that some of its customers' personal data had been stolen in "
                'a cyberattack. The incident was sophisticated and led to the '
                'suspension of online sales and contactless payments. The '
                'company emphasized that no payment details or passwords were '
                'compromised. Affected customers were notified, but the exact '
                'number was not disclosed. The company assured that no further '
                'action was necessary beyond resetting passwords. There is no '
                'indication that the stolen data has been shared. M&S reported '
                'the incident to relevant authorities and law enforcement and '
                'continues to collaborate with them.',
 'impact': {'data_compromised': 'Personal Data',
            'operational_impact': 'Suspension of online sales and contactless '
                                  'payments',
            'systems_affected': ['Online Sales', 'Contactless Payments']},
 'references': [{'source': 'Marks & Spencer'}],
 'regulatory_compliance': {'regulatory_notifications': 'Relevant authorities '
                                                       'and law enforcement '
                                                       'were notified'},
 'response': {'communication_strategy': 'Affected customers were notified',
              'law_enforcement_notified': 'Yes'},
 'title': 'Marks & Spencer Cyberattack',
 'type': 'Data Breach'}